DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. 

2. Applicant's submission filed on October 14, 2004 has been entered. 

o Claims 1, 5, 6, 12, 13, 16, 17, 21, 22, 28, and 29 have been amended,
o Claims 7-11, 14-15, and 23-27 have been canceled,
o Claim 30 has been added. 

o Claims 1-6, 12-13, 16-22, 28-30 are pending in this Office Action. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-6, 12-13, 16-22, 28-30 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Dulin et al. (US 2002/0029200A1), hereinafter "Dulin", and in view of 
Sinn (US 2002/0166049 A1), hereinafter "Sinn".

As per claims 1, 17, 29, Dulin discloses a method, a computer readable medium
and a system for validating digital certificates (Page 1, [0007]) having a server (Fig. 2, 
element 108), an Online Certificate Status Protocol responder (Fig. 2, elements 104), a 
certificate authority (Fig. 2, element 102) associating a certificate database (Fig. 2, 
element 214) including records associated with digital certificates, comprising: 

o "receiving at the OCSP responder an OCSP request associated with a digital 
certificate generated by the server" at page 5, [0075], [0077]; 

(Dulin teaches that the relying customer 108 (i.e., "the server")
creates an OCSP request associated with a digital certificate
and sends it to the relying participant 104.)

o "creating by the OCSP responder, a database query based on the received 
OCSP request" at page 5, [0078]- [0079]; 

(Dulin teaches that the relying participant 104 generates a new
request and sends it to the certificate issuing participant
102)

o "sending by the OCSP responder the database query to the certificate database 
associated with the certificate authority to determine whether the digital certificate 
is valid" at page 6, [0081];

(Dulin teaches that the issuing participant 102 checks its customer
database 214 to make sure that the request was signed by an
entity authorized to make the request)

o "receiving at the OCSP responder a database query result indicating whether the
digital certificate matches a corresponding certificate entry stored in one of the 
certificate database records" at page 6, [0085]; 

(Dulin teaches the step of sending query result from the 
issuing participant 102 to the replying participant 104) 

o "determining, by the OCSP responder, the validity of the digital certificate based 
on the database query result" at page 6, [0091]; and "notify the server of the 
determined validity of the digital certificate." at page 6, [0092]. 

The difference between the invention of claims 1, 17, 29 and Dulin's teaching is that
Dulin teaches the step of creating and sending a database query but does not explicitly
teach that the database query is a "Lightweight Directory Access Protocol database
query" (LDAP) as claimed. However, Sinn teaches a similar method for certificate
validation, including a database for storing certificates (Fig. 52, element 36, 2082),
wherein the database is an LDAP Directory Server and communicates with other
server/modules using LDAP over SSL" at page 6, [0119]. Thus, it would have been
obvious to one of ordinary skill in the art at the time the invention was made to
combine Dulin and Sinn's teachings to implement the certificate database using the
well-known LDAP directory server as suggested by Sinn, in order to take advantage of
the legacy LDAP directory server to store digital certificates instead of building a new
database server for storing digital certificates, and therefore reduce the cost and the
complexity of the system.

As per claims 2, 18, Dulin and Sinn teach the method, computer readable 
medium and system of claims 1, 17 as discussed above. Sinn also teaches: "wherein 
the Lightweight Directory Access Protocol database query includes an instruction to 
return a selected portion of a database record" at [0128]-[0129]. 

As per claims 3, 19, Dulin and Sinn teach the method, computer readable 
medium of claims 1, 17 as discussed above. Sinn further teaches a Certificate
Registration module (Fig. 54) for adding new digital certificates to the database 
comprising: 

o "sending an indication of a new digital certificate from the certificate authority to 
the certificate database upon issuance of the new digital certificate" at page 31, 
[0372]; 

o "receiving, by the certificate database, from the certificate authority, an indication 
of the new digital certificate; and creating a certificate database record reflecting 
an identity of the new digital certificate" at page 31, [0374]-[0375]. 

Thus, it would have been obvious to one of ordinary skill in the art at the time
the invention was made to incorporate Sinn's Certificate registration module into Dulin's
system so that the system would allow adding certificates to the database and
checking status of the certificates when new certificates are issued.

As per claims 4, 20, Dulin and Sinn teach the method and computer readable 
medium of claims 1, 17 as discussed above. Sinn further teaches the Certificate 
Registration module for revoking digital certificates comprising the steps of: 

o "sending an indication of a revoked digital certificate from the certificate authority 
to the certificate database upon revocation of the revoked digital certificate" at 
page 32, [0382]; 

o "receiving by the certificate database, from the certificate authority, the indication 
of revocation of the revoked digital certificate" at page 32, [0383]; 

o "removing a certificate database record associated with the revoked digital 
certificate from the certificate database" at page 32, [0384].

Thus, it would have been obvious to one of ordinary skill in the art at the time
the invention was made to incorporate Sinn's certificate revocation steps into Dulin's
system so that the system would allow revocation of digital certificates and updating the 
database to reflect the revoked status of the certificates. Maintaining a database with 
certificate revocation status would allow real time status checking for digital certificates 
and enable secured transaction based on the status of digital certificates. 

As per claims 5, 21, Dulin teaches a method and a computer readable medium 
in a data processing system for validating digital certificates (page 1, [0007]), the data
processing system having a certificate authority (Fig. 2, element 102) and a directory
server having a database (Fig. 2, elements 202, 212, 214), the method performed by 
the directory server comprising: 

o "maintaining a database of valid digital certificates" at page 21, [0262];

o "receiving a query based on an online certificate status protocol request indicating
a requested digital certificate" at page 5, [0079]; 

o "searching the database for a database record reflecting an identity of the 
requested digital certificate" at page 6, [0081]; 

o "and returning an indication of the database record when the database record 
reflecting the requested digital certificate is found to indicate validity of the 
requested digital certificate" at page 25, [0299]-[0302]; 

o "whereby the indication of the database record includes meta-data reflecting the 
validity of the requested digital certificate." at page 17, [0244]-[0245]. 

The difference between the invention of claims 5, 21 and Dulin's teaching is that Dulin
teaches the step of receiving a query based on an online certificate protocol request, but
does not explicitly teach that the query is a "Lightweight Directory Access Protocol
query" as claimed. However, Sinn teaches a similar method for certificate validation,
including a database for storing certificates (Fig. 52, element 36, 2082), wherein the
database is an LDAP Directory Server and communicates with other server/modules
using LDAP over SSL" at page 6, [0119]. Thus, it would have been obvious to one of
ordinary skill in the art at the time the invention was made to combine Dulin and
Sinn's teachings to implement the certificate database using the well-known LDAP
directory server as suggested by Sinn, in order to take advantage of the legacy LDAP
directory server to store digital certificates instead of building a new database server for
storing digital certificates, and therefore reduce the cost and the complexity of the
system.

As per claims 6, 22, Dulin and Sinn teach the method and the computer 
readable medium of claims 5, 21 discussed above. Sinn further teaches a Certificate 
Registration module (Fig. 54) for adding new digital certificates to the database 
comprising the steps of: 

• "sending an indication of a new digital certificate from the certificate authority to 
the database upon issuance of the new digital certificate by the certificate 
authority" at [0372]; 

• "receiving, by the database from the certificate authority, an indication of the new 
digital certificate upon issuance of the new digital certificate by the certificate 
authority" at [0374]; 

• "and storing a database record reflecting an identity of the new digital certificate" 
at [0375]. 

Thus, it would have been obvious to one of ordinary skill in the art at the time
the invention was made to incorporate Sinn's Certificate registration module into Dulin's
system so that the system would allow adding certificates to the database and
checking status of the certificates when new certificates are issued.

Application/Control Number: 09/867,648
Art Unit: 2167

As per claims 12, 28, Dulin teaches a method and a computer readable medium 
in a data processing system for validating digital certificates without certification 
revocation lists (page 15, [0207]), the data processing system having a client (Fig. 2, 
element 106), a server (Fig. 2, 108), a responder (Fig. 2, 204), a certificate authority 
(Fig. 2, 102), associating a database storing records of valid digital certificates of the 
certificate authority (Fig. 2, 212, 214), the method comprising: 

• "generating, by the client, a request for a transaction, the request including a 
digital certificate identifying the client; receiving the client request by the 
server" at page 5, [0074]; 

• "creating, by the server, an online certificate status protocol request based on 
the associated digital certificate identifying the client" at page 5, [0074]; 

• "sending, by the server, an online certificate status protocol request to the 
responder;" at page 5, [0075]; 

• "receiving, by the OCSP responder, the online certificate status protocol 
request associated with the digital certificate" at page 5, [0077]; 

• "creating, by the responder, a database query based on the received online 
certificate status protocol request" at page 5, [0079];

• "sending, by the responder, the database query to the database associated
with the certificate authority to determine whether the digital certificate is
valid" at page 5, [0079];

• "searching the database for a database record identifying the digital certificate 
associated with the online certificate status protocol request" at page 6, 
[0081]; 

• "returning a database query result indicating whether the database record 
identifying the digital certificate is stored in the database;" at page 7, [0094]; 

• "sending, by the responder, a validity indication whether the digital certificate 
is valid based on the query result to the server" at page 25, [0299]-[0302]; 

• "sending, by the server to the client, an indication of whether the transaction 
is authorized based on the validity indication" at page 7, [0095]. 

The difference between the invention of claims 12, 28 and Dulin's teaching is that
Dulin teaches the step of creating and sending a database query but does not explicitly
teach that the database query is a "Lightweight Directory Access Protocol database
query" (LDAP) as claimed. However, Sinn teaches a similar method for certificate
validation, including a database for storing certificates (Fig. 52, element 36, 2082),
wherein the database is an LDAP Directory Server and communicates with other
server/modules using LDAP over SSL" at page 6, [0119]. Thus, it would have been
obvious to one of ordinary skill in the art at the time the invention was made to
combine Dulin and Sinn's teachings to implement the certificate database using the
well-known LDAP directory server as suggested by Sinn, in order to take advantage of
the legacy LDAP directory server to store digital certificates instead of building a new
database server for storing digital certificates, and therefore reduce the cost and the
complexity of the system.

As per claim 13, Dulin teaches a data processing system for answering online 
certificate status requests without certificate revocation lists (page 15, [0207]), 
comprising "a memory having program instructions; a processor configured to execute 
the program instructions" (page 22, [0272]) to: 

• "receive from a server an online certificate status protocol request associated 
with a digital certificate" at page 5, [0074]; 

• "create a database query based on the received request, send the database 
query to a database associated with a certificate authority to determine whether 
the digital certificate is valid" at page 5, [0079], 

• "receive a database query result from the database indicating whether the digital 
certificate matches a corresponding entry stored in a database one of the 
certificate database record" at page 6, [0081], 

• "determine the validity of the digital certificate based on the database query 
result" at page 7, [0094],

• "and notify the server of the determined validity of the digital certificate" at page
7, [0095].

The difference between the invention of claim 13 and Dulin's teaching is that Dulin
teaches the step of creating and sending a database query but does not explicitly teach
that the database query is a "Lightweight Directory Access Protocol database query"
(LDAP) as claimed. However, Sinn teaches a similar method for certificate validation,
including a database for storing certificates (Fig. 52, element 36, 2082), wherein the
database is an LDAP Directory Server and communicates with other server/modules
using LDAP over SSL" at page 6, [0119]. Thus, it would have been obvious to one of
ordinary skill in the art at the time the invention was made to combine Dulin and
Sinn's teachings to implement the certificate database using the well-known LDAP
directory server as suggested by Sinn, in order to take advantage of the legacy LDAP
directory server to store digital certificates instead of building a new database server for
storing digital certificates, and therefore reduce the cost and the complexity of the
system.

As per claim 16, Dulin teaches a data processing system for answering online 
certificate status requests without certificate revocation lists (page 15, [0207]), 
comprising: 

• "a client computer configured to send a request for a transaction, the request 
including a digital certificate identifying the client" at Fig. 2, element 106 and 
page 5, [0074];

• "a server computer (Fig. 2, element 108) configured to receive the client request"
(page 5, [0074]), create an online certificate status protocol request based on the 
associated digital certificate identifying the client and send the online certificate 
status protocol request" at page 5, [0074]; 

• "an OCSP responder configured to receive the online certificate status protocol 
request associated with the digital certificate" at page 5, [0077]; 

• "create a database query based on the received online certificate status protocol 
request" at page 5, [0079], and send the database query to determine whether 
the digital certificate is valid" at page 6, [0081]; 

• "a certificate authority that provide valid digital certificates" at Fig. 2, element 102 
and page 1, [0007];

• "a database associated with the certificate authority storing records of valid
certificates of the certificate authority (Fig. 2, element 214) and configured to 
search for a database record identifying the digital certificate associated with the 
online certificate status protocol request" at page 5, [0079], [0081]; 

• "return an database query result indicating whether the digital certificate matches 
one of the records stored in the database" at page 6, [0085]. 

• "wherein the OCSP responder determines that the digital certificate is valid when 
it receives an database query result reflecting that the digital certificate matches 
one of the database records" at page 6, [0091]-[0092].

The difference between the invention of claim 16 and Dulin's teaching is that Dulin
teaches the step of creating and sending a database query but does not explicitly teach
that the database query is a "Lightweight Directory Access Protocol database query"
(LDAP) as claimed. However, Sinn teaches a similar method for certificate validation,
including a database for storing certificates (Fig. 52, element 36, 2082), wherein the
database is an LDAP Directory Server and communicates with other server/modules
using LDAP over SSL" at page 6, [0119]. Thus, it would have been obvious to one of
ordinary skill in the art at the time the invention was made to combine Dulin and
Sinn's teachings to implement the certificate database using the well-known LDAP
directory server as suggested by Sinn, in order to take advantage of the legacy LDAP
directory server to store digital certificates instead of building a new database server for
storing digital certificates, and therefore reduce the cost and the complexity of the
system.

As per claim 30, Dulin and Sinn teach the method according to claim 1 
discussed above. Dulin also teaches: 

• "the server and the OCSP responder reside in a first computer network" at Fig. 2, 
elements 104, 108; 

• "the certificate authority and the certificate database reside in a second computer 
network" at Fig. 2, element 102, 214; 

• "the first computer network is connected to the second computer network via a 
computer network firewall" at page 16, [0229] and page 25, [0306].

Response to Arguments

5. Applicant's arguments filed October 14, 2004 have been considered but are moot 
in view of the new ground(s) of rejection. 

Applicant argued that Sinn does not teach the steps of: "receiving, at the OCSP 
responder, an OCSP request associated with a digital certificates generated by the 
server" nor "sending, by the OCSP responder, the lightweight Directory Access Protocol 
database query to the certificate database associated with the certificate authority to 
determine whether the digital certificate is valid". However, as presented in section 4 
above, Dulin teaches the step of: "receiving, at the OCSP responder, an OCSP request 
associated with a digital certificates generated by the server" at page 5, [0074] and 
[0077]; Dulin also teaches the step of "sending by the OCSP responder, the database 
query to the certificate database associated with the certificate authority to determine 
whether the digital certificate is valid" at page 6, [0081]. 

Dulin teaches the step of creating and sending a database query but does not explicitly
teach that the database query is a "Lightweight Directory Access Protocol database
query" (LDAP) as claimed. However, Sinn teaches a similar method for certificate
validation, including a database for storing certificates (Fig. 52, element 36, 2082),
wherein the database is an LDAP Directory Server and communicates with other
server/modules using LDAP over SSL" at page 6, [0119]. Thus, it would have been
obvious to one of ordinary skill in the art at the time the invention was made to
combine Dulin and Sinn's teachings to implement the certificate database using the
well-known LDAP directory server as suggested by Sinn, in order to take advantage of
the legacy LDAP directory server to store digital certificates instead of building a new
database server for storing digital certificates, and therefore reduce the cost and the
complexity of the system. Claims 1-6, 12-13, 16-22, 28-30 therefore remain rejected.

Conclusion 

6. The prior art made of record, listed on form PTO-892, and not relied upon, if any, 
is considered pertinent to applicant's disclosure. 

If a reference indicated as being mailed on PTO-FORM 892 has not been 
enclosed in this action, please contact Lisa Craney whose telephone number is (571) 
272-3574 for faster service. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Khanh B. Pham whose telephone number is (571) 272-4116.
The examiner can normally be reached on Monday through Friday 7:30am to
4:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John E Breene can be reached on (571) 272-4107. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Khanh B. Pham 
Examiner 
Art Unit 2167 



December 20, 2004 




